The following table shows which properties of Primavera Portfolio Management users are being synchronized with which LDAP properties:
PPM group property | LDAP user property |
|---|---|
Login* | sAMAccountName |
Whether the user is a user or a contact | ObjectType.Contact |
First Name | givenName |
Last Name | sn |
Title | title |
Department | department |
Company | company |
Telephone number | telephoneNumber |
Fax number | facsimileTelephoneNumber |
Address | concatenated from LDAP properties "streetAddress", "postOfficeBox", "I", "st", "postalCode", and "co" |
Email address |
Note: a PPM user and a LDAP user are considered the same user (and will be synchronized) if the PPM user's login name matches the LDAP user's SAMAccountName property.
An existing PPM user that is not present under the LDAP container which is being synchronized with, or which is present but disabled in LDAP, will be disabled, unless listed as a user that should be ignored during LDAP synchronization.
An existing PPM user that is present under the LDAP container which is being synchronized with and is enabled in LDAP, will be enabled.
Users that exist and are enabled in LDAP but do not exist in PPM will be created in PPM, up to the licensed number of named users.
The following table shows which properties of PPM groups are being synchronized with which LDAP properties:
PPM group property | LDAP group property |
|---|---|
Name* | name |
Description | description |
*Note: a PPM group and a LDAP group are considered the same group (and will be synchronized) if the PPM group's name matches the LDAP group's name property.
An existing PPM group that is not present under the LDAP container which is being synchronized with, will be deleted in PPM, unless listed as a group that should be ignored during LDAP synchronization.
Groups that exist in LDAP but do not exist in Primavera Portfolio Management will be created in PPM. All members of the group in LDAP will be made members of the group in PPM. Members of the group in PPM that are not members of the group in LDAP will be removed from the group in PPM.
Groups in LDAP which have the property isCriticalSystemObject set to TRUE will not be synchronized with PPM. This includes most built-in groups such as Domain Admins, Domain Users, etc.